package com.pretty.adminapp.configure;

import com.pretty.adminapp.service.LoginSuccessHandler;
import com.pretty.adminapp.service.SecurityAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/**
 * Spring Security configuration for this application: URL access rules,
 * form login and logout, authentication providers and password encoding.
 *
 * Author: 袁越
 * Created: 2017/4/8 12:26
 * Copyright © 2016-2020 上海金扳手科技信息股份有限公司 All rights reserved.
 */
@Configuration
@EnableWebSecurity
// prePostEnabled turns on @PreAuthorize / @PostAuthorize checks on methods.
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    // Loads user records for the username/password authentication configured below.
    @Autowired
    private UserDetailsService userDetailsService;
    // Project-specific authentication provider, registered in configure(AuthenticationManagerBuilder).
    @Autowired
    private SecurityAuthenticationProvider provider;

    /**
     * Defines the HTTP security rules: which paths are public, the form-login
     * and logout flow, and which default browser protections are switched off.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Allow unauthenticated access to static resources and the REST API.
        // NOTE(review): besides static assets, this list makes "/upload" and "/api/**"
        // reachable without a login session. Unless those endpoints authenticate their
        // callers themselves (not visible in this file), they should sit behind
        // authenticated() or role checks instead of permitAll().
        http.authorizeRequests()
                .antMatchers("/static/**", "/upload", "/css/**", "/js/**", "/images/**",
                        "/resources/**", "/lib/**", "/skin/**", "/template/**",
                        "/api/**")
                .permitAll();
        // Every request not matched above requires an authenticated user.
        http.authorizeRequests().anyRequest().authenticated();
        // URL shown when login fails.
        http.formLogin().failureUrl("/login?error").
                // Handler meant to record the login.
                // NOTE(review): defaultSuccessUrl(...) below is implemented by installing
                // its own success handler, so calling it after successHandler(...) likely
                // replaces loginSuccessHandler() and the login log is never written.
                // Verify that the handler fires; if not, set the target URL on the
                // handler itself and drop defaultSuccessUrl, or swap the call order.
                        successHandler(loginSuccessHandler()).
                // URL to go to after a successful login.
                        defaultSuccessUrl("/index")
                // Login page; it is open to everyone via permitAll().
                .loginPage("/login")
                .permitAll().and().logout()
                // The matcher has no HTTP method, so any method (including GET) on
                // "/logout" triggers a logout.
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                // After logout, redirect to the login page.
                .logoutSuccessUrl("/login").permitAll();

        // Allow pages to be embedded in iframes by removing the X-Frame-Options header.
        // NOTE(review): this removes clickjacking protection for every page, from any
        // origin. If only the application's own pages need to frame each other,
        // frameOptions().sameOrigin() keeps the protection.
        http.headers().frameOptions().disable();
        // CSRF protection is disabled (original note: to avoid a redirect loop).
        // NOTE(review): login is session based, so with this off state-changing requests
        // are accepted without a CSRF token. Prefer fixing the redirect loop and
        // re-enabling it; if some paths must be exempt, limit the exemption with
        // csrf().ignoringAntMatchers(...) rather than disabling it globally.
        http.csrf().disable();
    }


    /**
     * Lists the paths that Spring Security ignores completely.
     *
     * Requests to these paths skip the security filter chain, so they get no
     * authentication and no security response headers. "/resources/**" is also
     * listed under permitAll() in configure(HttpSecurity); the entry there is redundant.
     *
     * @param web the web security builder supplied by Spring Security
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**");
        web.ignoring().antMatchers("/webjars/**");
        web.ignoring().antMatchers("/img/**");
    }

    /**
     * Registers the authentication mechanisms used for login.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        // Use the custom authentication provider.
        auth.authenticationProvider(provider);
        // Also register username/password authentication backed by userDetailsService,
        // comparing passwords through passwordEncoder().
        // NOTE(review): two mechanisms are registered, so a login is presumably accepted
        // when either one accepts it. Confirm that any checks in the custom provider
        // cannot be bypassed through this second path.
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * Provides the password encoder used to compare stored password hashes.
     *
     * NOTE(review): MD5 is a fast general-purpose digest and is not suitable for
     * password storage; no salt source is configured in this class, so the hashes
     * appear to be unsalted as well. Plan a migration to an adaptive hash such as
     * BCryptPasswordEncoder, re-hashing each password at the user's next successful
     * login. Changing the encoder without a migration invalidates every stored hash.
     *
     * @return a new MD5 password encoder
     */
    @Bean
    public Md5PasswordEncoder passwordEncoder() {
        return new Md5PasswordEncoder();
    }

    /**
     * Creates the login success handler that, per the original comment, writes the
     * login log for users and administrators.
     *
     * @return a new LoginSuccessHandler
     */
    @Bean
    public LoginSuccessHandler loginSuccessHandler() {
        return new LoginSuccessHandler();
    }

    /**
     * Adds an in-memory account to the injected authentication manager builder.
     *
     * NOTE(review): this registers the account "user" with the fixed password
     * "password" and role USER in source code. It looks like a leftover from sample
     * configuration. Whether the login form can reach it depends on which builder
     * Spring injects here, so verify, and remove the account (or load it from
     * non-production-only configuration) before deployment.
     *
     * @param auth the authentication manager builder injected by Spring
     * @throws Exception if the configuration cannot be applied
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }

}